CLAIMS 



Claims 6-30 remain in the application. No claims have been amended, canceled or 

added. 

Listing of Claims: 
1-5. (Canceled). 

6. (Original) A network device comprising: 
at least one processor; 

memory; 
I/O; and 

at least one virtual network machine in the memory, said at least one first virtual network 
machine including a first network interface; 

a first sub-interface data structure in the memory; and 

a first binding data structure in the memory which binds the first network interface to the first 
sub-interface data structure. 

7. (Original) The network device of claim 6 wherein, 

the first network interface is a layer 3 network interface; 

the first sub-interface data structure is a layer 2 interface data structure; and 
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the first binding data structure is layer 2/3 binding structure which binds the first layer 3 
network interface to the layer 2 interface data structure. 

8. (Original) An electronic memory encoded with: 

at least one virtual network machine, said at least one first virtual network machine including 
a first network interface; 

a first sub-interface data structure; and 

a first binding data structure which binds the first network interface to the first sub-interface 
data structure. 

9. (Original) The electronic memory of claim 8 wherein: 
the first network interface is a layer 3 network interface; 

the first sub-interface data structure is a layer 2 interface data structure; and 
the first binding data structure is a layer 2/3 binding data structure which binds the first layer 
3 interface to the first layer 2 interface data structure. 

10. (Original) A method of creating a link in at least one network domain comprising: 
providing a network device including an electronic memory encoded with at least one virtual 

network machine which includes at least one network interface; 

providing at least one sub-interface data structure encoded in the electronic memory; and 
binding the at least one network interface to the at least one sub-interface data structure. 
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1 1 . (Original) The method of claim 1 0 wherein binding includes creating a binding data structure 
that binds the at least one network interface to the at least one sub-interface data structure. 

12. (Original) The method of claim 10 further comprising: 

providing at least one other network interface encoded in the electronic memory; and 
binding the at least one other network interface to the at least one sub-interface data structure. 

13. (Original) The method of claim 12 further including: 

eliminating the binding of the at least one network interface to the at least one sub-interface 
data structure. 

14. (Original) The method of claim 10 further comprising: 

providing at least one other sub-interface data structure encoded in the electronic memory; 

and 

binding the at least one network interface to the at least one other sub-interface data structure. 

15. (Original) The method of claim 14 further including: 

eliminating the binding of the at least one network interface to the at least one sub-interface 
data structure. 

1 6. (Original) The method of claim 1 0, 
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wherein binding the at least one network interface to the at least one sub-interface data 
structure includes creating a binding data structure that binds the at least one network interface to the 
at least one sub-interface data structure; and further including: 

providing at least one other network interface encoded in the electronic memory; 

binding the at least one other network interface to the at least one sub-interface data structure; 

wherein binding the at least one other network interface to the at least one sub-interface data 
structure includes creating a binding data structure that binds the at least one other network interface 
to the at least one sub-interface data structure; and 

eliminating the binding of the at least one network interface to the at least one sub-interface 
data structure while leaving the at least one network interface intact. 

1 7. (Original) The method of claim 1 0, 

wherein binding the at least one network interface to the at least one sub-interface data 
structure includes creating a binding data structure that binds the at least one network interface to the 
at least one sub-interface data structure; and further including: 

providing at least one other network interface encoded in the electronic memory; 

providing the at least one other sub-interface data structure encoded in electronic memory; 

binding the at least one other network interface to the at least one other sub-interface data 
structure; 

wherein binding the at least one network interface to the at least one other sub-interface data 
structure includes creating a binding data structure that binds the at least one network interface to the 
at least one other sub-interface data structure; 
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binding the at least one other network interface to the at least one other sub-interface data 
structure; 

wherein binding the at least one other network interface to the at least one other sub-interface 
data structure includes creating a binding data structure that binds the at least one other network 
interface to the at least one other sub-interface data structxure; 

eliminating the binding of the at least one network interface to the at least one sub-interface 
data structure while leaving the at least one network interface intact. 

1 8. (Original) A method of creating a link in a network domain comprising: 

providing a network device including an electronic memory encoded with a first virtual 
network machine which includes at least one first network interface and with a second virtual 
network machine which includes at least one second network interface; 

providing at least one first sub-interface data structure encoded in the electronic memory; 

providing at least one second sub-interface data structure encoded in the electronic memory; 

binding the at least one first network interface to the at least one first sub-interface data 
structure; and 

binding the at least one second network interface to the at least one second sub-interface data 
structure. 

1 9. (Original) The method of claim 1 8 wherein, 

binding the at least one first network interface to the at least one first sub-interface data 
structure includes creating a first binding data stmcture; and 
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binding the at least one second network interface to the at least one second sub-interface data 
structure includes creating a second binding data structure. 
20(original). The method of claim 1 8 further including: 

binding the at least one second network interface to the at least one first sub-interface data 
structure; and 

eliminating the binding of the at least one second network interface to the at least one second 
sub-interface data structure. 

2 1 . (Original) The method of claim 1 8 further including: 

providing respective first and second network databases associated with the respective first 
and second virtual network machines wherein such respective first and second databases include one 
or more types of control information used to manage or monitor operations, selected from the group 
consisting of: network (layer 3) addressing, layer 3 connections, routing, routing protocols, route 
filters and pohcies, tunneling, tunneling protocols. 

22. (Original) The method of claim 18 further including: 

providing respective first and second network databases associated with the respective first 
and second virtual network machines wherein such respective first and second databases include 
control information used to manage or monitor operations, selected firom the group consisting of: 
network (layer 3) addressing, layer 3 connections, routing, routing protocols, route filters and 
policies, tunneling, tunneling protocols; 
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binding the at least one first network interface to the at least one first sub-interface data 
structure includes creating a first binding data structure; and 

binding the at least one second network interface to the at least one second sub-interface data 
structure includes creating a second binding data structure. 

23. (Original) The method of claim 18 fiirther including: 

providing respective first and second network databases associated with the respecfive first 
and second virtual network machines wherein such respective first and second databases include one 
or more types of control information used to manage or monitor operations, selected firom the group 
consisting of: network (layer 3) addressing, layer 3 connections, routing, routing protocols, route 
filters and policies, tunneling, tunneling protocols; 

binding the at least one first network interface to the at least one first sub-interface data 
structure includes creating a first binding data structure; 

binding the at least one second network interface to the at least one second sub-interface data 
structure includes creating a second binding data structure; 

binding the at least one second network interface to at least one first sub-interface data 
structure; and 

eliminating the binding of the at least one second network interface to the at least one second 
sub-interface data structure. 

24. (Original) A method of creating links between multiple subscriber end stations and multiple 
network domains comprising: 
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providing a network device including an electronic memory encoded with multiple respective 
virtual network machines, said respective virtual network machines including respective 
corresponding network databases which include respective control information that respectively 
imparts router functionality to corresponding respective virtual network machines; said respective 
virtual network machines respectively each including at least one respective network interface for a 
respective network domain; 

providing respective subscriber records in an electronic memory that include 
respective information as to network domains to which respective subscriber end stations of 
respective subscribers may access; 

providing multiple respective sub-interface data structures in the electronic memory 
respectively associated with respective subscribers; 

searching respective subscriber records to identify respective network domains that 
may be accessed by a respective subscriber end station of a respective subscriber; and 

creating respective binding data structures that respectively bind respective sub- 
interface data structures respectively associated with respective subscribers to respective network 
interfaces for respective network domains identified fi-om searching respective subscriber records. 



25. (Original) The method of claim 24 further including: 

providing respective subscriber authentication information and respective subscriber 
authorization information in respective subscriber records; 

providing subscriber authentication and authorization services; and 
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authenticating and authorizing subscriber access to respective network domains using 
respective subscriber records and the subscriber authentication and authorization services. 

26. (Original) The method of claim 24 wherein, 

the multiple respective sub-interface data structures include multiple respective virtual 
circuits. 

27. (Original) The method of claim 24 further including: 

providing in respective subscriber records multiple possible network domain binding options 
for a respective subscriber. 

28. (Original) The method of claim 24 wherein, 

information in respective subscriber records identify multiple respective possible network 
domains to which respective subscriber end stations of respective subscribers may be bound; and 

information in respective subscriber records provide respective criteria for selecting between 
multiple respective network domains for a respective subscriber. 

29. (Original) A subscriber management system comprising: 

a network device including an electronic memory encoded with multiple respective virtual 
network machines in the memory, said respective virtual network machines including corresponding 
respective network databases which include respective control information that respectively imparts 
router functionality to corresponding respective virtual network machines, said respective virtual 
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network machines respectively including at least one respective network interface to a respective 
network domain; 

respective subscriber records in an electronic memory that include respective information as 
to network domains to which respective subscriber end stations of respective subscribers may be 
bound; 

multiple respective sub-interface data structures in the electronic memory respectively 
associated with respective subscribers; 

a computer program in electronic memory that searches respective subscriber records to 
identify respective network domains that may be accessed by respective subscriber ends stations of 
respective subscribers; and 

respective binding data structures that respectively bind respective sub-interface data 
structures associated with respective subscribers to respective network interfaces to respective 
network domains identified from searching respective subscriber records. 

30. (Original) The system of claim 29 wherein, 

information in respective subscriber records identify multiple respective possible network 
domains to which respective subscriber end stations of respective subscribers may be bound; and 

information in respective subscriber records provide respective criteria for selecting between 
multiple respective network domains for respective subscribers. 
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